Mobile applications can help to curb the pandemic without sacrificing privacy

Blog post
Ville Ollikainen,
Kimmo Halunen

The world is currently in the grip of a pandemic the proportions of which have forced many nations to resort to emergency measures to control the spread. Finland has also introduced restrictions and even stopped people from travelling within the country – an unprecedented step in peacetime.

Mobile applications have been floated as one way to gradually lift certain aspects of the lockdown. These applications could, for example, track people’s social interactions and notify users and/or the authorities of any contact that users have had with individuals who were asymptomatic at the time but later tested positive for the virus. 

Most systems are based on user IDs

Several systems of this kind have already been introduced around the world, and new ones are being developed all the time. Most of the current technologies are based on some kind of user identification and automatically exchanging user IDs between smartphones. The IDs are stored in the smartphones’ memory, usually in an encrypted format. The encrypted data can only be decrypted by a trusted party (such as the national health authority). 

If a user tests positive for COVID-19, they can share the IDs stored on their smartphone with the authorities. The authorities can then decrypt the data, identify any individuals who may have been exposed, reach out to them and test them.

Contact tracing provides an alternative

There is also a way to trace infection chains without collecting user IDs, therefore enabling a higher level of privacy. This technology is based on identifying contacts between smartphones. No user IDs are needed in these kinds of systems. Instead, a unique key code is generated for each contact between two smartphones. These key codes can be created anonymously without either of the two users being identifiable.

In other words, the users are collecting data about their contacts with other users in the form of key codes and can share the key codes if they are later diagnosed with coronavirus. Any other users who may have been exposed can then be alerted on the basis of the key code data. This approach provides a higher level of protection for users’ privacy, as the identities of users are only revealed to the authorities with each user’s express consent.
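The per-contact key codes described above can be sketched as follows. This is an added example, not code from the authors or from any deployed application. It assumes the key code is the SHA-256 hash of an ephemeral Diffie-Hellman shared secret; the `Phone` class, the `meet` and `exposed` helpers and the demonstration group are hypothetical choices made for this sketch.

```python
import hashlib
import secrets

# Demonstration group only (assumption): the Mersenne prime 2**521 - 1, g = 3.
# A real application would use a vetted group or curve instead.
P = 2**521 - 1
G = 3


class Phone:
    """Stores only per-contact key codes, never a user ID."""

    def __init__(self):
        self.key_codes = set()

    def begin_contact(self):
        # Fresh ephemeral secret for every contact, so contacts cannot be linked.
        self._x = secrets.randbelow(P - 3) + 2
        return pow(G, self._x, P)  # public value sent to the nearby phone

    def finish_contact(self, peer_public):
        # Reject degenerate values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid public value")
        shared = pow(peer_public, self._x, P)
        del self._x  # the ephemeral secret is discarded after use
        code = hashlib.sha256(shared.to_bytes(66, "big")).hexdigest()
        self.key_codes.add(code)
        return code


def meet(a, b):
    """One contact: both phones swap public values and derive the same key code."""
    pub_a, pub_b = a.begin_contact(), b.begin_contact()
    return a.finish_contact(pub_b), b.finish_contact(pub_a)


def exposed(phone, published_codes):
    """Match locally: which of this phone's key codes did a diagnosed user publish?"""
    return phone.key_codes & set(published_codes)
```

A diagnosed user publishes the contents of `key_codes`; every other phone runs `exposed` on its own stored codes, so a match reveals that a contact happened but not who the other party was.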

Users of contact tracing applications can naturally also keep track of their social interactions and share the data with the authorities through secure channels. Users can also reveal their own identity to the authorities retrospectively. However, these data must be kept separate from the key codes and alerts in order to protect the privacy of each of the individuals involved.

The goal is a safe exit strategy

Both of the aforementioned technologies have potential in tracking the way in which the virus is transmitted. We also believe that the ability to trace these chains and the use of this technology will play a key role in the formulation of a controlled and safe exit strategy from the crisis.

In order to maximise the benefits of these kinds of applications, they need to be designed in a way that allays the public’s fears over smartphone tracking and builds trust among the users. The fact that there are people who do not take the epidemic as seriously as they should is a particular challenge. Since flouting the rules contributes to the spread of the virus, getting these people on board with the technology is crucial. This is why high availability, straightforward installation and user-friendliness as well as a sense of privacy are such critical criteria for the applications.  

Modern technology can be invaluable in protecting us in times of crisis. Tracking people’s movements in this way should never be the norm, regardless of how well privacy is ensured in practice. We all need to work together to make sure that these kinds of emergency measures can be lifted as soon as it is safe to do so.

Read more about our thoughts on rendezvous-based pandemic tracing by sharing Diffie-Hellman generated common secrets
